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ABSTRACT OF THE DISCLOSURE 

A system and method for initializing a SNMP agent in SNMPv3 mode. In 
one aspect of the invention, a method is provided that allows an operator to 
securely enter the initial SNMPv3 privacy and authentication keys into a SNMPvS 
device and cause the device to enter in SNMPv3 mode. The SNMP manager and 
SNMP agent both generate an associated random number and public value. The 
SNMP manager passes its public value to the SNMP agent in a configuration file, 
which causes a proprietary MIB element in the SNMPvS device to be set with 
the public value of the SNMP manager. The SNMP manager reads the public 
value of the SNMP agent through a SNMP request using an initial valid user 
having access to the public value of the SNMP agent. The SNMP agent and 
SNMP manager each independently compute a shared secret using the Diffie- 
Hellman key exchange protocol. The SNMP 'manager and SNMP agent each 
independently convert the shared secret into the same readable password, 
convert the readable password into the same secret key and set the initial 
authentication key and the initial privacy key to the value of the secret key. 
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SYSTEM AND METHOD FOR INITIALIZING A 
SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) AGENT 

BACKGROUND 

5 L Technical Field; 

The present application relates generally to a system and method for initializing an 
SNMP (simple network management protocol) agent and, in particular, a system and method 
for generating authentication and privacy keys for a first user of a SNMPv3 network-managed 
device and securely entering the keys into the device to initialize the device into SNMPv3 

10 mode. 

2. DescriptioD of Related Art: 

In general, the SNMP is a standard application-layer protocol that is employed in a 
network to facilitate the exchange of management information between networked devices. 
The SNMPv3 framework defines standard security and access control protocols known, 

15 respectively, as the User-Based Security Model (USM) and View-Based Access Control 
Model (VACM). The SMMPvB standard is an extensible "bare-bones" protocol that allows 
vendors to incorporate proprietary MIB (management information base) elements and 
applications to execute on top of the standard SNMP framework. 

An SNMP network generally comprises a plurality of distributed SNMP entities each 

20 comprising one or more SNMP agents and one or more SNMP managers (although an entity 
may comprise both an agent and manager) that communicate using SNMP messages. An 
SNMP manager (or NMS (network management station)) is responsible for managing one or 
more SNMP agents within the domain of the SNMP manager. An SNMP agent is included on 
each node (or host) of the network (e.g., computer, server, etc) that is managed by an SNMP 

25 manager. Each agent is responsible for collecting and maintaining information about its 

environment and providing such information to a respective SNMP manager and responding 
to manager commands to alter the local configuration or operating parameters of the managed 
node. Each SNMP agent maintains a local MDB (management information base, which is a 
virtual information store that comprises management information, i.e., current and historical 

30 information about the local configiu^tion and traffic of the managed device (node). More 
specifically, the SNMP agent MIB comprises a collection of managed objects within the 
device to be managed, wherein collections of related objects are defined in MIB modules. 
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In an SNMPv3 mode, an SNMP agent implements the standard USM (user-based 
security model), wherein the configuration parameters for the USM are managed via MIB 
elements defined by the SNMP-USER-BASED-SM-MIB module (which is described in 
detail, for example, in RFC 2574, "User-Based Security Model (USM) for version 3 of the 
5 Simple Network Management Protocol (SNMPv3)", by Blumenthal et al, April 1999). As is 
known in the art, for USM, all valid users associated with an SNMPv3 agent utilize a unique 
secret authentication key and unique privacy key (and standard protocols) for authentication 
incoming/outgoing messages and encrypting/decrypting the payload of outgoing/incoming 
messages. Furthermore, in an SNMPv3 mode, the SNMP agent utilizes the View-based 

1 0 Access Control Model (VACM) is utilized by the agent (in response to a call by an SNMP 
application) to determine whether a specific type of access (read, write) is authorized for a 
SNMP manager requestmg to retrieve or modify local MIB managed data, or whether the 
manager is authorized to receive notifications (traps) from the agent. The configuration 
parameters for the VACM are managed via MIB elements defined by the SNMP-VIEW- 

15 BASED- ACM-MIB as described in detail, for example, in RFC 2575, "View-based Access 
Control Model (VACM) for the Simple Network Management Protocol (SNMP) by 
Wijnen, et al, April, 1999). 

Various applications and network architectures implement the SNMP fi-amework. For 
instance, the SNMP protocol has been selected as the communications protocol for 

20 management of DOCSIS (Data Over Cable Service Interface Specifications)-based cable 
modem systems. The DOCSIS cable modems are configured with SNMP agents, which 
allows a manager (operator of the DOCSIS cable modem system) to remotely manage and 
configure the cable modems of the end users. The current DOCSIS cable modem system 
framework, however, does not provide a standard protocol for entering the initial 

25 authentication and privacy keys into a cable modem to initialize the cable modem in SNMP 
v3 mode and vendors must provide proprietar>' protocols for performing this initialization. 

The SNMPvS framework recommends that the usmUserTable be populated out of 
band, e.g., not using SNMP (i.e., the first user must be created and its authorization and 
privacy keys entered in the managed device without using SNMP). SNMP can not be used for 

30 this initialization because it provides privacy only by using the privacy key of an already 

existing user. If the number of agents to be initialized is small, an initialization process can be 
perfomied via a console port and manually. If the number of agents is large, such as in cable 
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modem systems, the manual approach is burdensome and does not scale well. Accordingly, a 
system and method that would provide a secure method for entering the privacy and 
authentication keys into a cable modem in a DOCSIS system to initialize the modem in 
SNMPv3 mode is highly desirable. 

SUMMARY OF THE INVENTION 
The present invention is directed to a system and method for initializing a SNMP 
agent in SNMPv3 mode. In one aspect of the invention, a method is provided that allows an 
operator to securely enter the initial SNMPv3 privacy and authentication keys into a SNMPvS 
device and cause the device to enter in SNMPvS mode. The SNMP manager and SNMP agent 
both generate an associated random number and public value. The SNMP manager passes its 
public value to the SNMP agent in a configuration file, which causes a proprietary MIB 
element in the SNMPvB device to be set with the public value of the SNMP manager. The 
SNMP manager reads the public value of the SNMP agent through a SNMP request using an 
initial valid user having access to the public value of the SNMP agent. The SNMP agent and 
SNMP manager each independently compute a shared secret using the Diffie-Hellman key 
exchange protocol. The SNMP manager and SNMP agent each independently convert the 
shared secret into the same readable password, convert the readable password into the same 
secret key, and then set the initial authentication key and the initial privacy key to the value of 
the secret key. 

In another aspect of the present invention, the configuration file passes the CMTS 
Diffie-Hellman public value to the modem using a proprietary configuration file object type, 
wherein the proprietary configuration file object has the advantage of not causing SNMP 
vl/v2c capable only modems to reject the configuration file because they do not understand a 
standard SNMP MIB object (configuration file element type 11) that may be used to set a 
proprietary MIB element in the modem. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Fig. 1 is a block diagram of system for initializing a SNMPvS agent according to an 
exemplary embodiment of the present invention; and 

Fig. 2 is a flow diagram of a method for initializing a SNMPvS agent according to one 
aspect of the present invention. 
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DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS 
It is to be understood that the present invention may be implemented in various forms 
of hardware, software, firmware, special purpose processors, or a combination thereof. 
Preferably, the present invention is implemented in software as an application comprising 
5 program instructions that are tangibly embodied on one or more program storage devices (e.g., 
magnetic floppy disk, RAM, CD ROM, ROM, Flash memory, etc.) and executable by any 
device, machine or platform comprising suitable architecture. It is to be further understood 
that because some of the system components and method steps are preferably implemented in 
software, the actual connections may differ depending upon the manner in which the present 

10 invention is programmed. 

Referring to Fig. 1, block diagram illustrates a system 10 for initializing a SNMPv3 
managed device according to an exemplary embodiment of the present invention. More 
specifically, the system 10 comprises a DOCSIS cable modem system that provides 
transparent bi-directional transfer of Internet Protocol (IP) packets (received/transmitted over 

15 a backbone network 14, e.g., the Internet) between a CMTS (cable modem termination 

system) 16 and a SNMPv3 cable modem 18 over an all coaxial or hybrid-fiber/coaxial (HFC) 
cable network 17. As is known in the art, the CMTS 16 performs functions such as providing 
an interface between IP traffic and RF (radio frequency) modulation/transmission of the IP 
packets and assigning IP addresses to cable modem 1 8. It is to be understood that only one 

20 cable modem is shown for illustrative purposes, but the system 10 may comprise hundreds of 
cable modems. 

The system 10 comprises a NMS (network management station) 1 1 located on the 
backbone network 14 for managing the CMTS 16 and DOCSIS cable modem 18, The NMS 
1 1 comprises a user interface 12 (e.g., a GUI (graphic user interface)) and a SNMP manager 

25 13 of conventional architecture for communicating with the SNMP agents 19 of cable modem 
18 via SNMP messages. The system 1 0 further comprises a remote server facility 1 5 that is 
accessible by the cable modem 18 for, e.g., downloading a configuration file comprising 
parameters that are used for configuring the cable modem 18. For instance, as explained in 
detail below, the configuration file comprises objects that are used to initialize the SNMP 

30 agent 19 in SNMPvB mode using a proprietary Diffie-Hellman Key exchange protocol for 
entering the initial authentication and privacy keys into the cable modem 18. In general, this 
protocol allows an operator at the NMS (manager) 1 1 to securely enter the initial SNMPv3 
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privacy and authentication keys into the modem 18 and cause the modem 18 to enter SNMPv3 
mode using a Diffie-Hellman key exchange. The manager 13 provides its public value to the 
modem 18 via the configuration file (located, for example, in server 15), The manager 13 
reads the public value of the modem 18 via SNMPv3 using a standard default usmUser which 
5 has access only to these values (and the standard *system' group). Via the DH exchange, the 
manager 13 and the cable modem 18 can agree on a common shared secret which is used to 
populate the key values for another standard usmUser who has access to the usmUserTable to 
create and delete additional users. The manager 13 can then populate that table as necessary. 
In accordance with the present invention, the cable modem 18 comprises an MIB that 

10 comprises proprietary MIB module and associated MIB elements for effecting a Diffie- 

Hellman key exchange. More specifically, the MIB 20 comprises a proprietary MIB module 
referred to herein as TCE-DCM105-MIB which defines MIB elements such as 
tceDCMlOSKickstartMyPublic and tceDCMlOSKickstartMgrPublic objects that are 
employed for an SNMPv3 initialization process. These MIB elements provide a mechanism 

15 for the SNMPv3 agent 19 (in the cable modem 18) and the SNMP manager 13 to perform a 
Diffie-Hellman key exchange to place the private keys for the first valid user into the cable 
modem 18. The tceDCMlOSKickstartMgrPublic object is set to the Diffie-Hellman public 
value of the manager 13 during a registration process. There are various mechanisms by 
which the public value of the manager 13 is transferred to the agent. Preferably, this transfer 

20 is performed via the configuration file (e.g., in remote server 15) that is downloaded by the 
cable modem 18 during the cable modem registration process. The value of the 
tceDCMlOSKickstartMyPublic MIB element comprises the Diffie-Hellman public value of 
the agent 19 that the agent 19 publishes for access by the manager 13 via SNMP after the 
registration process. Preferably, the manager 13 reads the content of 

25 tceDCMlOSKickstartMyPublic using an initial user having a securityName, e.g., "docsislnit", 
with no authentication- A preferred initialization process will now be described in further 
detail with reference to the flow diagram of Fig. 2. 

The flow diagram of Fig. 2 illustrates a method for initializing a SNMPv3 agent 
according to one aspect of the present invention. In Fig. 2, steps 100-108 represent steps that 

30 are executed by the SNMPv3 agent and steps 200-208 represent steps that are executed by the 
manager. Upon initialization/power up of the cable modem, proprietary software loaded in 
the cable modem causes the SNMP agent to create an SNMPv3 user named "docsislnit" of 
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security level noAuthnoPriv and generate the appropriate USM and VACM entries (step 100). 
This initial valid user (which is used by the manager to access, e.g., the 

tceDCMlOSKickstartMy Public MIB element of the modem) will only have read access to the 
tceDCMlOSKickstart group, the system group, and the generic traps. Next, the agent 
5 generates a random number preferably up to 128 bytes in length (step 101). Then, using the 
well-known Diffie-Hellman protocol, the agent will convert its random number to a public 
value Pj of the agent (step 102). More specifically, the agent's public 

value = g'^^ Mod p , where ^ is the base from the set of Diffie-Hellman parameters,/? is 
the prime from those parameters, and is the random integer selected by the agent in the 

10 interval 2^'"^^ < r\< p-l, where / is the length of the private, random value tj in bits. The 
public value Pj is expressed as an OCTET STRING "PV" of length "k" which satisfies 

j7(integerpublicvaiue)= SIJM 2^^^^~^^^ PVi 

, where PVj, PV,^ are the octets ofPV from 
first to last, and where PVj !=0. In addition, the following Diffie-Hellman parameters (Oakley 
group #2, RFC 2409, sec. 6.1, 6.2) are preferably used: 
15 g^2; 

p = FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD 
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CBB6 F406B7ED 
20 EE386BFB 5A899FA5 AE9F241 1 7C4B1FE6 49286651 ECE65381 

FFFFFFFF FFFFFFFF; and 
7 = 64. 

The agent publishes its public value Pj in the MIB element tceDCMlOSKickstartMyPublic 
(step 103). 

25 During a registration process, the SNMP manager will generate its random number r^, 

which is preferably up to 128 bytes in length (step 200). The manager then transforms its 
random number to a public value P2 using the Diffie-Hellman key exchange protocol (step 
201) in the same manner as the agent and using the same parameter set as described above. 
In the DOCSIS fi^mework, during registration, as is known in the art, the cable 

30 modem attempts to establish network connectivity by, e.g., transmitting a DHCP (dynamic 

host configuration protocol) request to the CMTS to obtain an IP address and other parameters 
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that are needed to establish IP connectivity. The CMTS will transmit a DHCP response 
comprising, e.g., the name and location, e.g., the IP address of a TFTP (trivial file transfer 
protocol) server (such as the remote server 15 in Fig. 1), of a configuration file that is 
accessible by the cable modem. Using the information in the DHCP response, the SNMPv3 
5 cable modem will download the appropriate configuration file via TFTP. 

In accordance with the present invention, the manager transfers its public value to 
the agent via the configuration file (step 202) (which is downloaded by the modem) in one of 
several ways. In the exemplary embodiment illustrated in Fig. 2, this is performed using an 
SNMP "Set" MIB Object in the configuration file (i.e., the DOCSIS standard configuration 
10 file element type 1 1) to set the tceDCMlOSKickstartMgrPublic MIB element (in the cable 

modem) to the public value of the manager (step 104). Other embodiments for transferring 
the public value P2 of the manager to the cable modem are described below. 

When the agent determines that the tceDCMlOSKickstartMgrPublic has been set to 
the manager's public value, the agent computes a shared secret SK from its random number 
15 and the manager's public value P2 via the Diffie-Hellman key exchange protocol (step 105). 

More specifically, the SNMPvS agent computes the shared secret 5!^r = Pi'^^ Mod p , where p 
is the DH prime from the preferred common parameters described above. 

Next, in a preferred embodiment, the SNMPv3 agent converts the shared secret SX" to 
privacy and authentication keys as follows. First, the agent transforms the shared secret SK 
20 into a readable password of preferably 16 characters (or fewer) (step 106). Preferably, this is 
performed by discarding any OCTETS (in the SK string) beyond the 16* octet and then 
performing the following on each remaining octet: 

a. . if (octet > 0x7F), then octet = octet B 0x80; // Clear the top bit 

b. if (octet < 0x20) octet = octet + 0x40; // Re-Map control codes 
25 c. if(octet = 0x7F) octet = octet - 1; // Re-map delete character. 

Advantageously, this process of generating a readable password allows an operator at the 
NMS to easily enter the password (as opposed to entering the shared secret octet string). 

Second, the readable password is then translated into a 16 byte key, KC (step 107). 
Preferably, this step is performed using the algorithm described in Appendix A, section A.l, 
30 paragraph (2) of RFC 2574 "AUser-based Security Model (USM) for version 3 of the Simple 
Network Management Protocol". More specifically, a string of length 1, 048, 576 octets is 
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generated by repeating the value of the password as often as necessary, truncating 
accordingly, and using the resulting string as the input to the MD5 algorithm (which is well- 
known in the art) to generate a digest (termed "digest 1"), Then, a second string is formed by 
concatenating digest 1^ the SNMP engine's snmpEnginelD value, and digest 1. This string is 
used as input to the MD5 algorithm. The resulting digest is the 16 byte key. 

The SNMPv3 agent then generates an SNMPv3 user (provisioned user) referred to 
herein as "docsisProv" and generates appropriate USM and VACM table entries (as discussed 
in detail below) of security level AuthPriv with read/write access to the SNMPv3 tables, and 
then preferably sets both the privacy key and authentication key (of the provisioned user) to 
the value of the 16 byte key, KC (step 108). The agent will use this same 16 byte key, KC for 
any other users created in the SNMPvS tables by the configuration file. This ends the modem 
registration process. 

Upon completion of registration, the manager can confirm the modem has entered 
SNMPv3 mode by reading a non-zero length OCTET STRING (i.e., the agent's public value 
Pj) from the tceDCMlOSKickstartMyPublic MIB element (step 203). The manager will read 
this value using the initial user "docsislnit" (security level noAuthNoPriv) via an SNMP 
"Get" command. The manager will use its random number and the agent's public value Pj 
(i.e., the tceDCMlOSKickstartMyPublic value) to compute the shared secret SK (via the 
Diffie-Hellman key exchange algorithm) (step 204). This is the same shared secret SK 
computed by the agent. Next, the manager computes the same readable password for the 
"docsisProv" user from the shared secret SK (step 205), and then transforms the readable 
password to the value of KC (step 206) using the same process as the agent (described above 
in steps 106-107). The manager will then set the authentication and privacy keys for the 
provisioned user to the value of KC (step 207). It is to be appreciated that the Diffie-Hellman 
key exchange ensures that both the agent and the manager compute the same 16 character 
password without revealing it. It is to be appreciated that the security of this approach is 
directly related to the strength of the authorization security of the out of band provisioning of 
the manager's public value i'^- 

The manager may then create other SNMPv3 users by altering the SNMPv3 tables 
(i.e., accessing the SNMP-USER-BASED-SM-MIB and SNMP-VIEW-BASED-ACM-MIB) 
using the *'docsisProv" user and the password for both authentication and privacy in the 
AuthPriv security level (step 208). 



SUBSTITUTE SHEET (RULE 26) 



wo 01/24444 



PCT/USOO/26060 



9 

The following are exemplary entries that are generated in the SNMPv3 USM and 
VACM tables for initializing a DOCSIS cable modem in SNMPv3 mode. More specifically, 
the following exemplary entries (l-4a, b, c) are preferably pre-installed and initialized in the 
DOCSIS SNMPvS compliant modem upon power-up: 

(1) This entry {usmllserEntry) in the usmUserTable allows access to the system and 
tceDCMlOSKickstart groups. This entry allows the SNMP manager to read the modem's 
Diffie-Hellman public value (which is published by the agent in the 
tceDCMKickstartMyPublic MIB element) after registration has completed: 



usm UserEnginelD 


localEnginelD 


usm UserName 


"docsislnit" 


usm UserSecurityName 


"docsislnit" 


usm UserCloneFrom 


ZeroDotZero 


usm UserAuthProtocol 


none 


usm UserAuthKeyChange 


If M 


usm UserOwnAuthKeyChange 


fill 


usm UserPrivProtocol 


none 


usm UserPrivKeyChange 


itti 


usm UserOwnPrivKeyChange 


fill 


usm UserPublic 


III! 


usm UserStorageType 


permanent 


usm UserStatus 


active 



(2) An entry (yacmSecurityToGroupEntry) is generated in the 
vacmSecurityToGroupTable to map the initial user "docsislnit" into the accessible objects 
(i.e., this entry generates a groupName for the initial user "docsislnit" which is used to define 
an access control policy for fhe intial user): 

vacmSecurityModel 3 (USM) 

vacmSecurityName "docsislnit" 
vacmGroupName "docsislnit" 
vacmSecurityToGroupStorageType permanent 
vacmSecurityToGroupStatus active. 
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(3) An entiy {vacmAccessEntry) is generated in the vacmAccessTable translates the 
groupName for the intial user into appropriate view name (i.e., this entry defines the access 
rights for the intial user "docsislnit")^ 



vacm GroupName 
vacmAccessContextPrefbc 
vacmAccessSecurityModel 
vacm A ccessSccurity Level 
vacm A ccessContextMatch 
vacmA ccessReadViewName 
vacmAccess Write ViewName 
vacmAccessNotiJyViewName 
vacmAccessStorageType 
vacmAccessStatus 



"docsislnit" 

Mil 

3 (USM) 

noAuthNoPriv 

exact 

" docsi sInitRestricted" 
ff ft 

"docsisLiitRestricted" 

permanent 

active 



The above entry in the vacmAccessTable is used for unauthenticated access, i.e., read-notify 
access for securityModel USM, securityLevel "noAuthNoPriv" on h^hslf of securityName 
(i.e., user "docsislnit") that belongs to the group "docsislnit" to the "docsisInitRestricted" MIB 
view in the default context with contextName "". 



(4) The following three entries {vacm ViewTreeFamilyEntry) are generated in the 
vacm ViewTreeFamilyTable to allow the initial entry to access the system, kickstart groups, 
and generic traps: 

(a) vacm ViewTreeFamilyVieivName 
vacm ViewTreeFamilySubtree 
vacm ViewTreeFamilyMask " " 

vacmViewTreeFamilyType 1 (included) 

vacm ViewTreeFamilyStorageType permanent 
vacm ViewTreeFamilyStatus active 



"docsisInitRestricted" 
1.3.6. L2. 1.1 (system) 



(b) vacm ViewTreeFamilyViewName 
vacm ViewTreeFamilySubtree 
vacm ViewTreeFamilyMask 



"docsisInitRestricted" 
(tceDCM 1 OSKickstartGroup) 
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vacm ViewTreeFamilyType 

vacm ViewTreeFamilyStorageType 

vacm ViewTreeFamilyStatus 

vacm ViewTreeFamilyViewName 
vacm ViewTreeFamilySubtree 
vacm ViewTreeFamilyMask 
vacm ViewTreeFamilyType 
vacm ViewTreeFamilyStorageType 
vacm ViewTreeFamilyStatus 



1 (included) 

permanent 

active 

"docsislnitRestricted" 

1. 3. 6.1. 6.3. L 1.5 (snmpTraps) 

nil 
1 

permanent 
active 



The following entries (5-8a, b, c, d) are created in the SNMPv3 compliant modem 
when the Diffie-Hellman key exchange is completed. 

(5) The following entry in the usmUserTable is associated with the provisioned user 
that is created with the authentication and privacy keys set by the DH key exchange. This 
entry is preferably created when the modem is correctly provisioned via entry of the 
manager's public value in the modem via the configuration file as explained above (step 202. 
104 of Fig. 2). It is to be noted that the userName "docsisProv" gives at least full access to 
the usmUserTable for the created of additional valid user: and is preferably generated with the 
Authentication and privacy keys set by the DH Key exchange: 
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15 



usm UserEnginelD 

usm UserName 

usm UserSecurityName 

usm UserCloneFrom 

usm UserA uthProtocol 

usm UserAuthKeyChange 

usm UserOwnAuthKeyChange 

usm UserPrivProtocol 

usm UserPrivKeyChange 

usm UserOwnPrivKeyChange 

usm UserPublic 

usm TJserStorageType 

usm UserStatus 



localEnginelD 
"docsisProv" 
"docsisProv" 
ZeroDotZero 

usmHMACMDSAuthProtocol 



usmDESPrivProtocol 



pennanent 
active 



(6) The next entry maps the provisioned user "docsisProv" into the accessible objects: 



20 



vacmSecurityModel 3 (USM) 

vacmSecurityName "docsisProv" 

vacmGroupName "docsisProv" 

vacmSecurityToGroupStorageType permanent 

vacmSecurityToGroupStatus active 



25 



(7) The next entry translates the groupName for the provisioned user to a view name: 



user. 



30 



vacm GroupName 

vacmAccessContextPrefix 

vacmAccessSecurityModel 

vacmAccessSecurityLevel 

vacmAccessContextMatch 

vacm A ccessReadViewName 



"docsisProv" 
fiff 

3 (USM) 
AuthPriv 
exact 

"docsisProv" 
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vacmAccess Write ViewName 
vacmAccessNotify ViewName 
vacmAccessStorageType 
vacmAccessStatus 



PCT/USOO/26060 

"docsisProv" 
"docsisProv" 
pennanent 
active 



(8) The following four entries allow the provisioned user read-write access to ttie 
system, tceDCMJ 05Kickstart, usmMIBObjects, and vacmMIBObjects groups: 



(a) - vacmViewTreeFamilyViewName 

vacm ViewTreeFamilySubtree 
vacm ViewTreeFamUyMask 
vacm ViewTreeFamilyType 
vacm ViewTreeFamilySiorageType 
vacm ViewTreeFamUyStatus 

(b) vacm ViewTreeFamilyViewName 
vacm ViewTreeFamilySubtree 
vacm ViewTreeFamilyMask 
vacm ViewTreeFamilyType 

vacm ViewTreeFamilyStorageType 
vacm ViewTreeFamUyStatus 



"docsisProv" 

1.3.6.1.2.1.1 (system) 
titi 

1 

permanent 
active 

"docsisProv" 

1 .6.3. 1.6.3.15.1 (usmMIBObjects) 
lilt 

1 

permanent 
active 



(c) vacm ViewTreeFamilyViewName 

vacm ViewTreeFamilySubtree 1 .< 

vacm ViewTreeFamilyMask 

vacm ViewTreeFamilyType 

vacm ViewTreeFamilyStorageType 

vacm ViewTreeFamUyStatus 



"docsisProv" 
.3 . 1 .6 .3 . 1 6. 1 (vacmMIBObj ects) 

nil 

1 

permanent 
active 
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(4) vacm ViewTreeFamily ViewName "docsisProv" 

vacm ViewTreeFamilySubtree (tceDCM 1 05KickstartGroup)\ 

vacm ViewTreeFamilyMask " " 

5 vacmViewTreeFamilyType 1 

vacm ViewTreeFamilyStorageType permanent 

vacm ViewTreeFamilyStatus active 

In alternative embodiments of the present invention, other methods may be used to 
10 enter the manager's Diffie-Hellman public value into the modem and put it into SNMPv3 
mode using proprietary configuration file elements (other than using an SNM? MIB object 
(configuration file element type 1 1) to set the tceDCMlOSKickstartMgrPublic MIB element 
as discussed above). These proprietary elements are particularly useful to initialize an 
SNMPv3 compliant modem in a SNMP network that has only SNMPvl/v2c modems which 
15 are not able to process a configuration file containing SNMP sets to the 

tceDCMlOSKickstartMgrPublic element and, consequently, cause the SNMPvl/v2c modems 
to reject the configuration file. For instance, the following configuration file elements may be 
used: 

(1) tceKickStartMgrPublic (element 180) - This element comprises an 
20 octet string up to 128 bytes long with the manager's public value: and 

(2) tceKickStartMgrPublic2 {element 181)- This configuration file also comprises 
the managers public value. But in addition to putting the modem into SNMPv3 mode, it will 
cause the modem to translate the contents of a docsDevNmAccessTable (which is used for 
controlling access in SNMPvl/v2c) to corresponding entries in the SNMPvS User, group, 

25 access, and view tables. More specifically, for each entry in the docsDevNmAccessTable^ a 
user and view is created with a userName set to the value in the community string and an 
access table entry that requires noAuthNoPriv security level. Also, entries are made in the 
SNMPvS NOTIFICATION-MIB to cause traps to be sent to any trap receivers designated m 
the docsDevNmAccessTable. By using this configuration file element (1 81), the modem will 

30 be put in SNMPv3 mode and still be accessible by SNMPv2 managers. Details of this 

configuration file element and the associated translation process are described in the PCT 
patent application ""System and Method For Simple Network Management Protocol (SNMP) 
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v3 Modems to Interoperate with SNMPvl/v2c Modems" Attorney Docket No RCA 89827 
filed concurrently herewith. 

In another embodiment, the public values Pj and of the agent and manager may be 
exchanged using DHCP. For instance, the agent may include its public value in the DHCP 
request that is transmitted to the CMTS during the initialization process (as described above) 
and the manager's public value may be transmitted to the cable modem in the associated 
DHCP response. In particular, the following DHCP proprietary element 
tceDHCPKickstartMgrPublic (182) may be included in the DHCP response. 
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CLAIMS 

1. A method for initializing a SNMP (simple network management protocol) v3 
device, wherein an SNMP manager and an SNMP agent in the SNMPv3 device utilize a 
Diffie-Hellman key exchange protocol to enter an initial privacy key and an initial 

5 authentication key into the SNMPv3 device, wherein the SNMP manager and the SNMP 
agent both generate an associated random number and public value, wherein the SNMP 
manager passes its public value to the SNMP agent in a configuration file, wherein the SNMP 
manager reads the public value of the SNMP agent through a SNMP request using an initial 
valid user having access to the public value of the SNMP agent, and wherein the SNMP agent 
10 and SNMP manager compute a shared secret using the Diffie-Hellman key exchange protocol, 
wherein the method is characterized by the steps of: 

converting the shared secret into a readable password; 
converting the readable password into a secret key; and 

setting an initial authentication key and an initial privacy key to the value of the secret 

15 key. 

2. The method of claim 1, wherein the readable password comprises a 16 character 
password. 

20 3. The method of claim 1, wherein the secret key comprises a 16 byte string. 

4. The method of claim 1, fiirther characterized in that the configuration file 
comprises a proprietary configm^tion file element for passing the public value of the SNMP 
manager to the SNMP agent. 

25 

5. The method of claim 4, wherein the SNMPv3 device operates in a SNMPvl/v2c 
enabled network comprising a SNMPv2c device, and wherein the proprietary configuration 
file element is ignored by the SNMPv2c device. 
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(57) Abstract: A system and method for initializmg an SNMP agent in 
SNMFV3 mode. In one aspect of the invention, a method is provided that 
allows an operator to securely enter the initial SNMPv3 privacy and au- 
thentication keys into an SNMPv3 device and cause the device to enter in 
SNMPv3 mode. The SNMP manager and SNMP agent both generate an as- 
sociated random number and public value (steps 100, 101, 200, 201). The 
SNMP manager passes its public value to the SNMP agent in a configura- 
tion file, which causes a proprietary MIB element in the SNMPv3 device 
to be set with the public value of the SNMP manager (steps 202, 104), 
The SNMP manager reads the public value of the SNMP agent throu^ an 
SNMP request using an initial valid user having access to the public value 
of the SNMP agent (steps 103, 203). The SNMP a^t and SNMP man- 
ager each independently compute a shared secret using the Diffie-Hellman 
key exchange protocol (steps 105, 204). The SNMP manager and SNMP 
agent each independendy convert the shared secret into the same readable 
password (steps 106, 205), convert the readable password into the same se- 
cret key (steps 107, 206) and set the initial authentication key and the initial 
privacy key to the value of the secret key (steps 108, 207). 
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AGENT INTIALIZES DEFAULT 
USM AND VACM ENTRIES FOR 
INITIAL USER "DOCSISINIT" 



100 



AGENT GENERATES 
RANDOM NUMBER 



101 



AGENT CONVERTS RANDOM 
NUMBER TO PUBLIC VALUE Pi 



AGENT SETS THE MIB ELEMENT 
tceDCMKickstartMyPubiic 
TO THE PUBLIC VALUE Pi 



102 



103 



rKS>- 



THE AGENTS MIB ELEMENT 

tceDCMKickstartMgrPublic IS SET 
TO THE PUBLIC VALUE P2 




104 



AGENT GENERATES SHARED 
SECRET SK BY 
COMBINING ANDP2 



105 



AGENT TRANSFORMS SHARED SECRET 

SK INTO READABLE PASSWORD 



•106 



AGENT TRANSFORMS READABLE 
PASSWORD INTO A KEY. KC 



I 
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TABLE ENTRIES FOR PROVISIONED USER 

"DocsisProv", AND SETS 
AUTHENTICATION AND PRIVACY KEYS OF 

PROVISIONED USER TO VALUE OF KC 
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TO AGENT VIA THE CONFIGURATION FILE 



203 
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MANAGER TRANSFORMS READABLE 
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USER TO VALUE OF KC 



MANAGER CREATES OTHER VALID 
USERS BY ALTERING SNMPvS TABLES 
USING "DocsisProv" USER TO GAIN 
ACCESS TO MIB ELEMENTS 
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